United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO, 



09/802,200 



25259 



03/08/2001 



Daryl Carvis Cromer 



05/16/2006 



7590 

IBM CORPORATION 

3039 CORNWALLIS RD. 

DEPT. T81 / B503, PO BOX 12195 

REASEARCH TRIANGLE PARK, NC 27709 



RPS9 20000070US1 



6701 



EXAMINER 



TRUONG, THANHNGA B 



ART UNIT 



PAPER NUMBER 



2135 

DATE MAILED: 05/16/2006 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



/n 1*1/1/ if vjiiiiiinaiy 


Application No. 

09/802,200 


Applicant(s) 

CROMER ETAL 


Examiner 

Thanhnga B. Truong 


Art Unit 

2135 





The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of lime may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communicalion. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing dale of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)13 Responsive to communication(s) filed on 23 February 2006 , 
2a)0 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under £x parte Quayle, 1 935 CD. 11, 453 O.G. 21 3. 

Disposition of Claims 

4) El Claim(s) 1-3.5-41 and 43-53 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-3.5-41 and 43-53 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on 08 March 2001 is/are: a)S accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

1 2)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (0- 
a)Q All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892) 

2) [Zl Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) O Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CI Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 050106 



Application/Control Number: 09/802,200 
Art Unit: 2135 



Page 2 



DETAILED ACTION 

1 . Applicant's amendment filed on January 9, 2006 and February 23, 2006 
have been entered. Claims 1-3, 5-41, and 43-53 are pending. Claims 10, 18, 26, and 
34, are amended by the applicant. Claims 4 and 42 are also canceled by the applicant. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-2, 5-14, 16-22, 24-30, 32-38, 40, 43-47, 49-53 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Baltzley (US 6,154, 543), and further in 
view of Chandra et al (US 4,817,140). 

a. Referring to claim 1: 

i. Baltzley teaches: 

(1 ) a plurality of client computers, a server, and a plurality 
of computer readable media, wherein each computer readable medium (i.e., floppy disk, 
compact disc (CD), etc.) within said plurality of computer readable media is 
transportable to each client computer in said plurality of client computers and is 
readable and writable within each client computer in said plurality of client computers 
[i.e., the public key cryptosystem with roaming user capability comprises a 
network having multiple client computers and multiple encryption servers. The 
network allows secure communication between the client computers and the 
encryption servers (column 2, lines 21-25). In addition, Figure 1 shows one 
embodiment of the public key cryptosystem with roaming user capability 200 of 
the present invention within a communication network system 1000 comprising 
an encryption server 105 connected to a network of multiple client machines 110 
through communication channels 115 which may each be comprised of a secure 
socket layer (column 4, lines 7-13). Figure 2 shows a client machine 110 which 
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can comprise incoming and outgoing communication channels 115, a memory 
205, and one or more processors 210, such as microprocessors or digital signal 
processors. Memory 205 can include any storage medium (i.e., floppy disk, 
compact disc (CD), etc., which transferable from one machine to the other), 
including RAM, a hard drive, and tape memory (column 4, lines 18-23)], 

(2) said server generates a secure transfer key pair and 
encrypts a private key of said secure transfer key pair [i.e., as depicted in Figure 3 
(see associated descriptions for details)], 

(3) said secure transfer key pair is transferred to each of 
said client computers in said plurality thereof with said private key of said secure 
transfer key pair in an encrypted form [i.e., the Enabler computer program 
communicates with the Server computer program to enable a user to both read 
encrypted digital messages sent to him or her and send encrypted digital 
messages to other users. To read encrypted digital messages sent to a user, the 
user is first prompted for a passphrase. The passphrase is then hashed and 
transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 
private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
38-47)], and 

(4) each client computer in said plurality thereof is 
programmed to generate token data including said portion of said token data encrypted 
with a public key of said secure transfer key pair, to record said token data on a 
computer readable medium in said plurality of computer readable media, to read said 
token data from a computer readable medium in said plurality of computer readable 
media, to decrypt said private key of said secure transfer key pair, to decrypt said 
portion of said token data with said private key of said secure transfer key pair, and to 
be enable to perform (i.e., read, write, or edit, etc..) a predetermined task after 
decrypting said portion of said token data [i.e., as depicted in Figures 5 and 7 (see 
associated descriptions for details in column 5, lines 8-61 and column 6, line 53 
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through column 7, line 11). In addition, Figure 1 shows one embodiment of the 
public key cryptosystem with roaming user capability 200 of the present 
invention within a communication network system 1000 comprising an encryption 
server 105 connected to a network of multiple client machines 110 through 
communication channels 115 which may each be comprised of a secure socket 
layer (column 4, lines 7-13). Figure 2 shows a client machine 110 which can 
comprise incoming and outgoing communication channels 115, a memory 205, 
and one or more processors 210, such as microprocessors or digital signal 
processors. Memory 205 can include any storage medium (i.e., floppy disk, 
compact disc (CD), etc., which transferable from one machine to the other), 
including RAM, a hard drive, and tape memory (column 4, lines 18-23). In order to 
read encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1 ) encrypted/decrypted portion of token data. 

in. Chandra, on the other hand, teaches: 

(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.e. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 
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iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 

v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 

mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

b. Referring to claim 2: 

i. Baltzley further teaches: 

(1) wherein each client computer in said plurality thereof 
generates a platform key pair, a public key of said platform key pair is transferred to 
said server [i.e., as depicted in Figure 5 (see associated descriptions for details)], 
and 

(2) said secure transfer key pair is transferred to each of 
said client computers in said plurality thereof with said private key of said secure 
transfer key pair encrypted with said public key of said platform key pair of said client 
computer, and each client computer in said plurality thereof stores said secure transfer 
key pair with said private key of said secure transfer key pair encrypted with said public 
key of said platform key pair and subsequently decrypts said private key of said secure 
transfer key pair with said private key of said platform key pair [i.e., as depicted in 
Figures 5 and 7 (see associated descriptions for details in column 5, lines 8-61 
and column 6, line 53 through column 7, line 11)]. 

c. Referring to claim 4: 

i. This claim is canceled by the applicant (see Amendments to 
Claims filed by applicant on September 9, 2005). 

d. Referring to claim 5: 
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i. Baltzley further teaches: 

(1) each client computer in said plurality of client 
computers includes an input device for providing a numeric input [i.e., referring to 
Figures 1 and 2, a client machine 110 includes a keyboard (not label) for entering 
input data (see associated descriptions for details), 

(2) said portion of said token data includes a PIN, each 
client computer in said plurality of client computers, after decrypting said portion of said 
token data read from said computer readable medium, compares said PIN included 
within said token data with said numeric input provided through said input device, and 
each client computer within said plurality of client computers is enabled to perform a 
predetermined task in response to determining an equivalence between said PIN and 
said numeric input provided through said input device [i.e., the Enabler computer 
program communicates with the Server computer program to enable a user to 
both read encrypted digital messages sent to him or her and send encrypted 
digital messages to other users. To read encrypted digital messages sent to a 
user, the user is first prompted for a passphrase (which includes PIN or 
password). The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received. In addition, Baltzley's invention provides 
an important technical advantage by providing a way to securely store a user's 
private key on an encryption server by symmetrically encrypting it with a 
passphrase so that no one but the user has access to it (column 2, lines 38-58)]. 

e. Referring to claim 6: 

I Baltzley further teaches: 

(1) said system additionally comprises a communications 
network connecting said server with each of said client computers in said plurality 
thereof [i.e., Figure 1 shows one embodiment of the public key cryptosystem with 
roaming user capability 200 of the present invention within a communication 
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network system 1000 comprising an encryption server 105 connected to a 
network of multiple client machines 110 through communication channels 115 
which may each be comprised of a secure socket layer. The public cryptosystem 
with roaming user capability 200 may have a firewall or any other security devices 
placed between the encryption server 105 and the client machines 110 to further 
secure the encryption server 105 from being hacked or broken into (column4, 
lines 6-16)], and 

(2) said secure transfer key is transmitted over said 
communications network from said server to each of said client computers in said 
plurality thereof with said private key of said secure transfer key pair in said encrypted 
form [i.e., referring to Figure 6, in step 620, the encryption server 105 
authenticates the hashed passphrase and transmits the encrypted private key 320 
back to the client computer 110 (column 6, lines 9-12)]. 
f. Referring to claim 7: 

i. Baltzley further teaches: 

(1) wherein each client computer in said plurality thereof 
generates a platform key pair and transmits a public key of said platform key. pair to said 
server over said communications network, said server transmits said secure transfer 
key pair over said communications network to each of said client computers in said 
plurality thereof with said platform key pair of said client computer, and each client 
computer in said plurality thereof stores said secure transfer key pair with said private 
key of said secure transfer key pair encrypted with said public key of said platform key 
pair and subsequently decrypts said private key of said secure transfer key pair with 
said private key of said platform key pair [i.e., the client computer executes a New 
User computer program and an Enabler computer program to facilitate secure 
communication. Both the New User computer program and the Enabler computer 
program communicate with a Server computer program located on the encryption 
server. The New User computer program communicates with the Server 
computer program to generate a public/private key pair, a user identifier, and a 
user passphrase. The private key is then encrypted with the user passphrase 
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yielding an encrypted private key, which is transmitted with the public key to the 
encryption server. The Enabler computer program communicates with the Server 
computer program to enable a user to both read encrypted digital messages sent 
to him or her and send encrypted digital messages to other users. To read 
encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 26-47)]. 

g. Referring to claim 8: 

i. This claim has limitations that is similar to those of claim 1, 
thus it is rejected with the same rationale applied against claim 1 above. 

h. Referring to claim 9: 

i. This claim has limitations that is similar to those of claim 7, 
thus it is rejected with the same rationale applied against claim 7 above. 

i. Referring to claim 10: 

i. Baltzley teaches: 

(1) receiving a secure transfer key pair generated within 
a server separate from said plurality of computer systems; storing said secure transfer 
key pair [i.e., referring to Figure 3, the private key is then encrypted with the user 
passphrase yielding an encrypted private key, which is transmitted with the 
public key to the encryption server 105 for storing (column 2, lines 35-37). As a 
matter of fact, once the passphrase is hashed and transmitted to the encryption 
server for authentication. The New User computer program communicates with 
the Server computer program to generate a public/private key pair, a user 
identifier, and a user passphrase. Once the hashed passphrase is authenticated, 
the encryption server transmits (emphasis added) the user's encrypted private 
key back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 44-48 
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and refer to Figure 6 for further details). It is further understood that a client 
machine or computer or device is also a client/server. The rejection is also 
applied to those claims with similar limitations]; 

(2) after storing said secure transfer key pair, in response 
to an indication that token data is to be recorded, encrypting a portion of said token data 
with a public key of said secure transfer key pair; and recording said token data, 
including said portion of said token data encrypted with said public key of said secure 
transfer key pair on a computer readable medium [i.e., the Enabler computer 
program and the Server computer program also work in conjunction to send 
encrypted digital messages. Once a digital message is generated, it is encrypted 
with a client recipient's public key. The encrypted message is then transmitted to 
the client recipient computer (column 2, lines 49-57)]; and 

(3) after storing said secure transfer key pair, in response 
to an indication that token data is to be read, reading said token data from a computer 
readable medium, and decrypting a portion of said data with a private key of said secure 
transfer key pair, and being enable to perform a predetermined task after decrypting 
said portion of said data [i.e., to read encrypted digital messages sent to a user, the 
user is first prompted for a passphrase. The passphrase is then hashed and 
transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 
private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
40-48). In order to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 
(1 ) encrypted/decrypted portion of token data. 
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iii. Chandra, on the other hand, teaches: 

(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.c. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 

v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 

mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

m. Referring to claims 11. 19. 27. 35. 47. and 52: 

i. These claims have limitations that is similar to those of claim 
7, thus they are rejected with the same rationale applied against claim 7 above, 
k. Referring to claims 12. 20. 28. 36. and 40: 

i. These claims have limitations that is similar to those of claim 
2, thus they are rejected with the same rationale applied against claim 2 above. 
I. Referring to claim 13: 

i. Baltzley further teaches: 
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(1 ) wherein said secure transfer key pair is read from 
a computer readable medium [i.e., to read encrypted digital messages sent to a 
user, the user is first prompted for a passphrase. The passphrase is then hashed 
and transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 
private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
40-48)]. 

m. Referring to claims 14, 22. 30. and 38: 

i. These claims have limitations that is similar to those of 
claims 2 and 7, thus they are rejected with the same rationale applied against claims 2 
and 7 above. 

n. Referring to claims 16. 24, and 32: 

i. These claims have limitations that is similar to those of claim 
1 , thus they are rejected with the same rationale applied against claim 1 above, 
o. Referring to claims 17. 25. 33. 43. and 49: 

i. These claims have limitations that is similar to those of claim 
5, thus they are rejected with the same rationale applied against claim 5 above, 
p. Referring to claims 18 and 26: 

i. These claims have limitations that is similar to those of claim 
10, thus they are rejected with the same rationale applied against claim 10 above, 
q. Referring to claims 21. 29. 37. and 53: 

i. These claims have limitations that is similar to those of claim 
13, thus they are rejected with the same rationale applied against claim 13 above, 
r. Referring to claim 34: 
i. Baltzley teaches: 

(1) generating a secure transfer key pair within a server 
(i.e., standalone system) separate from said local computer and from said remote 
computer [i.e., as a matter of fact, once the passphrase is hashed and transmitted 
to the encryption server for authentication. The New User computer program 
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communicates with the Server computer program to generate a public/private key 
pair, a user identifier, and a user passphrase. Once the hashed passphrase is 
authenticated, the encryption server transmits (emphasis added) the user's 
encrypted private key back to the client computer, where it is decrypted. The 
user may now use the private key to read any digital messages he has received 
(column 2, lines 44-48 and refer to Figure 6 for further details). It is further 
understood that a client machine or computer or device is also a client/server 
(i.e., a standalone system). The rejection is also applied to those claims with 
similar limitations]; transferring a secure transfer key pair from said server to said 
local computer; storing said secure transfer key pair within said local computer [i.e., to 
read encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 38-47)]; 

(2) establishing communication between said remote 
computer and said server [i.e., Baltzley's invention provides another important 
technical advantage by providing a way to securely store a user's private key on 
an encryption server so a user may access the private key from any client 
machine on the encryption server network, thus providing roaming capability 
(column 2, lines 59-63)]; 

(3) transferring said secure transfer key pair from said 
server to said remote computer; storing said secure transfer key pair within said remote 
computer [i.e., to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 38-47)]; 
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(4) encrypting said portion of said token data within said 
local computer with a public key of said secure transfer key pair [i.e., once a digital 
message is generated, it is encrypted with a client recipient's public key (column 
2, lines 51-52)]; 

(5) recording said token data, including said portion of 
said token data encrypted with said public key of said secure transfer key pair, within 
said local computer on a computer readable medium; transporting said computer 
readable medium from said local computer to said remote computer; reading said token 
data, including said portion of said token data encrypted with said public key of said 
secure transfer key pair, within said remote computer from said computer readable 
medium; decrypting said portion of said token data within said remote computer with a 
private key of said secure transfer key pair; and enabling said performance of said 
predetermined task in said remote computer in response to decrypting said portion of 
said token data [i.e., as depicted in Figures 5 and 7 (see associated descriptions 
for details in column 5, lines 8-61 and column 6, line 53 through column 7, line 11; 
and column 2, lines 38-48)]; 

(6) reading said token data, including said portion of said 
token data encrypted with said public key of said secure transfer key pair, within said 
secure transfer key pair, within said remote computer from said computer readable 
medium; decrypting said portion of said token data within said local computer with a 
private key of said secure transfer key pair [i.e., as depicted in Figures 5 and 7 (see 
associated descriptions for details in column 5, lines 8-61 and column 6, line 53 
through column 7, line 11)]; 

(7) enabling said performance of a predetermined task 
within said local computer in response to decrypting said portion of said token data [i.e., 
in order to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
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back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1 ) encrypted/decrypted portion of token data. 

iii. Chandra, on the other hand, teaches: 

(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.e. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 

v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 

mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

s. Referring to claim 44: 

i. This claim has limitations that is similar to those of claim 34, 
thus it is rejected with the same rationale applied against claim 34 above. 

t. Referring to claim 50: 
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i. This claim has limitations that is similar to those of claims 1 
and 34, thus it is rejected with the same rationale applied against claims 1 and 34 
above. 

u. Referring to claim 51: 

i. This claim has limitations that is similar to those of claim 2, 
thus it is rejected with the same rationale applied against claim 2 above. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 

all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 3, 15, 23, 31, 39, 41, and 48 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Baltzley (US 6,154, 543), and further in view of Taaffe (US 
4,747,139). 

a. Referring to claim 3: 

i. Baltzley further teaches: 

(1) each client computer in said plurality thereof includes 
a security subsystem having a subsystem processor and subsystem storage [i.e., 
Figure 2 shows a client machine 110 which can comprise incoming and outgoing 
communication channels 115, a memory 205, and one or more processors 210, 
such as microprocessors or digital signal processors. Memory 205 can include 
any storage medium, including RAM, a hard drive, and tape memory. The 
processors 210 are electrically connected to the memory 205 and have access to 
a New User computer program 215 and an Enabler computer program 220 
(column 4, lines 18-25), 

(2) each client computer in said plurality thereof 
generates a hardware key pair within said security subsystem, a private key of said 
platform key pair is encrypted with said hardware public key and is decrypted with said 
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hardware private key in said security subsystem before said private key of said platform 
key pair is used to decrypt said private key of said secure transfer key pair within said 
security subsystem [i.e., the client computer executes a New User computer 
program and an Enabler computer program to facilitate secure communication. 
Both the New User computer program and the Enabler computer program 
communicate with a Server computer program located on the encryption server. 
The New User computer program communicates with the Server computer 
program to generate a public/private key pair, a user identifier, and a user 
passphrase. The private key is then encrypted with the user passphrase yielding 
an encrypted private key, which is transmitted with the public key to the 
encryption server. The Enabler computer program communicates with the Server 
computer program to enable a user to both read encrypted digital messages sent 
to him or her and send encrypted digital messages to other users. To read 
encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 26-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1) generates a hardware key pair, a private key of said 
hardware key pair is stored in said subsystem storage. 

iii. Whereas, Taaffe teaches: 

(1) In one application of the invention, a hardware key 
generator may be permanently fixed in a computer system and the system may further 
include means for both encripting and decripting software or data. Prior to transmitting 
information from the system, as to a storage unit, the information is encrypted using the 
system encryptor and a key generated by the key generator. The encrypted information 
is not usable without the key generator module in the system. Preferably the encryptor 
is positioned between the CPU bus and each input/output controller. Preferably, the 
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key generator provides the encryptor with the key pair for encryption and transmission 
(column 3, lines 42-60). The hardware module may be combined with a storage 
medium in a software package. The decryption routines and a key sequence to be 
applied to the key generator are stored with the application software on the storage 
medium (see abstract). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) thoroughly point out or include such hardware key 
generator for generating/storing a hardware key pair (in Baltzley) to protect software 
from unauthorized copying and unauthorized access (column 1, lines 13-14 of Taaffe). 

iv. The ordinary skilled person would have been motivated to: 
(1) thoroughly point out or include such hardware key 

generator for generating/storing a hardware key pair (in Baltzley), since unauthorized 
access to data is a large problem for the data processing community and the military. 
Unauthorized access can take many forms, from the casual looking at data on a 
terminal connected to the computer to the theft of some sort of storage medium, disk, 
tape, floppy, etc., with subsequent use of the data on another computer (column 1, line 
66 through column 2, line 4 of Taaffe). 

b. Referring to claims 15, 23. 31. 39. 41. and 48: 

i. These claims have limitations that is similar to those of 
claims 3 and 7, thus they are rejected with the same rationale applied against claims 3 
and 7 above. 

Response to Argument 

6. Applicant's arguments filed January 9, 2006 have been fully considered 
but they are not persuasive. 

Applicant argues that: 

"Baltzley does not describe generating a secure transfer key pair and 
transmitting it to each of the client systems in a group of client systems to be used with 
a token". 

Examiner disagrees with applicant's remarks and still maintains that: 
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Baltzley does teach the claimed subject matter. As a matter of fact, once 
the passphrase is hashed and transmitted to the encryption server for authentication. 
The New User computer program communicates with the Server computer 
program to generate a public/private key pair, a user identifier, and a user 
passphrase. Once the hashed passphrase is authenticated, the encryption server 
transmits (emphasis added) the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read any 
digital messages he has received (column 2, lines 44-48 and refer to Figure 6 for further 
details). Furthermore, Figure 3 shows a diagram of an encryption server comprising 
incoming and outgoing communication channels, a New User computer program, an 
Enabler computer program, a Server computer program, memory, processors, and a 
database having a plurality of encrypted private keys, public keys, user identifiers and 
hashed passphrases. Thus, the server could generate the secure key pair as recited in 
all the independent claims of the application. The rejection is also applied to those 
claims with similar limitations. 

Applicant further argues that: 

"Baltzley does not describe the recording of data on computer readable 
media that are transportable among the client (e.g., user) computers." 

Examiner still does not agree with the applicant and maintains that: 

Baltzley does teach encrypted voice and data communication systems are 
well known in the art. These cryptosystems allow a user to digitally transmit 
information to one or more system users without it being intercepted and 
interpreted. This is accomplished by encrypting and decrypting the transmitted 
information with what is known as an encryption key. Encryption keys may be secret 
keys, where a single key is utilized for encryption and decryption, or public keys, where 
two or more keys are used (column 1, lines 12-20 of Baltzley). 

Applicant further argues that: 

"Chandra et al does not describe a secure transfer pair being generated in 
a server so that token data can subsequently be recorded in the client system separate 
from the server." 
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Examiner still does not agree with the applicant and maintains that: 
First of all, Baltzley does teach a public key cryptosystem with roaming 
user capability within a network that allows secure communication between users of the 
system, client machines, and encryption servers. However, Baltzley is silent on the 
capability to encrypt/decrypt portion of token data. Chandra, on the other hand, teaches 
a software can be distributed on magnetic media (such as tape or floppy disk) or by 
other means (telephone lines, cable or broadcast transmission). The software is 
partitioned into an encrypted portion P.sub.e and an unencrypted (clear text) portion 
P.sub.e. The choice of the partitioning is made by the software vendor with the 
understanding that only the encrypted portion will be protected from piracy. The 
encrypted portion, P.sub.e of the software will be decrypted and executed by a 
physically and logically secure coprocessor if the coprocessor possesses the decryption 
key which embodies the right to execute. The protected part of the software is, thus, 
never exposed in plaintext form and never executed by unauthorized systems (column 
3, lines 52-66). Thus, the combination in teachings between Baltzley and Chandra 
teaches the claim subject matter. Secondly, the above limitation that applicant 
mentioned, such as, so that token data can subsequently be recorded in the client 
system separate from the server, does not even address any where in the 
independent claims. In response to applicant's argument that the references fail to show 
certain features of applicant's invention, it is noted that the features upon which 
applicant relies (i.e., token data can subsequently be recorded in the client system 
separate from the server) are not recited in the rejected claim(s). Although the claims 
are interpreted in light of the specification, limitations from the specification are not read 
into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 
1993). 

In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
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the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
in teachings between Baltzley and Chandra and the combination in teachings between 
Baltzley and Taffee are proper. 

Baltzley, Chandra, and Taffee do not need to disclose anything over and 
above the invention as claimed in order to render it unpatentable or anticipate. A 
recitation of the intended use of the claimed invention must result in a structural 
difference between the claimed invention and the prior art in order to patentably 
distinguish the claimed invention from the prior art. If the prior art structure is capable of 
performing the intended use, then it meets the claimed limitations. 

For the above reasons, it is believed that the rejections should be 

sustained. 

Conclusion 

7. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory action is 
not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



TBT 

May 12, 2006 



